Senior Penetration Tester

We’re looking for a hands-on senior penetration tester who’s fluent in offensive operations across diverse environments — from web apps and mobile to infrastructure, cloud, and Active Directory. You’ll lead real-world simulated attacks, identify exploitable vulnerabilities, and deliver high-impact findings — not just scan results.

• Lead and execute security assessments across:
• Web applications, APIs, and mobile (iOS/Android)
• Internal/external networks, thick clients, AD environments
• Cloud environments (AWS/Azure/GCP)
• Wireless networks and physical security scenarios
• Conduct full-scope red team or assumed breach operations
• Craft phishing campaigns and social engineering simulations
• Write high-signal, business-aware reports with clear exploitation details and actionable remediation
• Collaborate with clients, developers, and internal teams to explain findings and fix paths
• Maintain and contribute to internal tooling and methodology

• 5+ years of offensive security or red teaming experience
• Strong technical knowledge in at least 3 of the following:
• Web/API pentesting
• Mobile app pentesting
• AD exploitation and lateral movement
• Thick client or custom protocol testing
• Cloud attack paths (IAM, misconfig, privilege escalation)
• Fluency in tools like Burp, Cobalt Strike, BloodHound, Impacket, and your own custom scripts
• Familiar with MITRE ATT&CK, OWASP Top 10, and kill chain modeling
• Strong report writing and communication skills
• Certifications like OSCP/OSEP/OSED